Abstract

We define a simply typed, non-deterministic lambda-calculus where isomorphic 
types are equated. To this end, an equivalence relation is settled at the term 
level. We then provide a proof of strong normalisation modulo equivalence. 
Such a proof is a non-trivial adaptation of the reducibility method. 
1. Introduction

The starting point of this work was to understand and formalize the
non-determinism of quantum programming languages [3, 4]. Unlike other calculi,
which contain a non-deterministic operator $|$ such that $r \mid t$ reduces both to $r$
and to $t$, possibly with some probabilities, the non-determinism of quantum
programming languages comes from the interaction of two operators. The first
allows building a superposition, that is a linear combination, of two terms
$\alpha.r + \beta.t$, reflecting that a system may be in more than one state at a time. The
second is a measurement operator $\pi$, reflecting that, during measurement, the
state of such a system is reduced.

The non-determinism arises from the combination of these two constructions,
as the term $\pi(\alpha.r + \beta.t)$ reduces to $r$ and to $t$ with probabilities $|\alpha|^2$ and
$|\beta|^2$. Leaving probabilities aside, the non-determinism, in quantum programming
languages, comes from the combination of the operators $+$ and $\pi$, as the
term $\pi(r + t)$ reduces to $r$ and to $t$. In other words, the primitive operator $|$ of
non-deterministic languages is decomposed into two operators, and $r \mid t$ can be
seen as an abbreviation for $\pi(r + t)$.

The rules

$$\pi(r + t) \to r \qquad \pi(r + t) \to t$$

are reminiscent of the rules for pairing constructs

$$\pi_1\langle r, t\rangle \to r \qquad \pi_2\langle r, t\rangle \to t$$

and it is therefore tempting to consider the term $r + t$ as the pair $\langle r, t\rangle$ and $\pi$
as a projection, that projects the pair $\langle r, t\rangle$ to $r$ and to $t$.

As, in quantum programming languages, unlike with the usual pairing
construct, the places in the pair are immaterial, and the superposed states $r + t$
and $t + r$ are identical, it is compelling to consider the pairs $r + t$ and $t + r$ as
identical and therefore the types $A \wedge B$ and $B \wedge A$ as identical.

In typed $\lambda$-calculus, the types $A \wedge B$ and $B \wedge A$ are known to be
isomorphic, thus our goal to understand the non-determinism of quantum
programming languages led us to consider quantum programming languages as typed
lambda-calculi where isomorphic types were identified, thus pairs unordered,
hence projection non-deterministic.

In typed $\lambda$-calculus, in programming languages, and in proof theory, two
types $A$ and $B$ are said to be isomorphic when there exist two functions $\phi$
from $A$ to $B$ and $\psi$ from $B$ to $A$ such that $\psi\phi r = r$ for all terms $r$ of type $A$
and $\phi\psi s = s$ for all terms $s$ of type $B$.

Isomorphic types are often identified in informal mathematics. For instance,
the natural numbers and non-negative integers are never distinguished, although
they formally are different structures. In Martin-Löf's type theory [23], in the
Calculus of Constructions [9], and in Deduction modulo [17, 19], some
isomorphic types, called definitionally equivalent types, for instance $x \subseteq y$, $x \in \mathcal{P}(y)$,
and $\forall z\,(z \in x \Rightarrow z \in y)$ are identified, but definitional equality does not handle
all the isomorphisms and, for example, $A \wedge B$ and $B \wedge A$ are not identified: a
term of type $A \wedge B$ does not have type $B \wedge A$.

It has already been noticed that not identifying such types has many
drawbacks. For instance, if a library contains a proof of $B \wedge A$, a request on a proof
of $A \wedge B$ fails to find it [26]; if $r$ and $s$ are proofs of $(A \wedge B) \Rightarrow C$ and $B \wedge A$
respectively, it is not possible to apply $r$ to $s$ to get a proof of $C$, but we need
to explicitly apply a function of type $(B \wedge A) \Rightarrow (A \wedge B)$ to $s$ before we can
apply $r$ to this term. If $A$ and $B$ are isomorphic types and a library contains a
proof of a property on $A$, we cannot use this property on $B$ without any
extra transformation, etc. This has led to several projects aiming at identifying
in one way or another isomorphic types in type theory, for instance with the
univalence axiom [27].

In [7], Bruce, Di Cosmo and Longo have provided a characterisation of
isomorphic types in the simply typed $\lambda$-calculus extended with products and a unit
type (see [13] for a concise overview on type isomorphisms, or [12] for a more
comprehensive reference). In this work, we define a simply typed $\lambda$-calculus
extended with products, where all the isomorphic types are identified, and we
prove strong normalisation for this calculus. All the isomorphisms in such a
setting are consequences of the following four:

$$\begin{aligned}
A \wedge B &\equiv B \wedge A && (1)\\
A \wedge (B \wedge C) &\equiv (A \wedge B) \wedge C && (2)\\
A \Rightarrow (B \wedge C) &\equiv (A \Rightarrow B) \wedge (A \Rightarrow C) && (3)\\
(A \wedge B) \Rightarrow C &\equiv A \Rightarrow B \Rightarrow C && (4)
\end{aligned}$$

For example, $A \Rightarrow B \Rightarrow C \equiv B \Rightarrow A \Rightarrow C$ is a consequence of (4) and (1).

Identifying types requires also identifying terms. For instance, if $r$ is a closed
term of type $A$, then $\lambda x^A.x$ is a term of type $A \Rightarrow A$, and $\langle\lambda x^A.x, \lambda x^A.x\rangle$ is a
term of type $(A \Rightarrow A) \wedge (A \Rightarrow A)$, hence, by isomorphism (3), also a term of
type $A \Rightarrow (A \wedge A)$. Thus the term $\langle\lambda x^A.x, \lambda x^A.x\rangle r$ is a term of type $A \wedge A$.
Although this term contains no redex, we do not want to consider it as normal,
in particular because it is not an introduction. So we shall distribute the
application over the pair, yielding the term $\langle(\lambda x^A.x)r, (\lambda x^A.x)r\rangle$ that finally reduces
to $\langle r, r\rangle$. Similar considerations lead to the introduction of several equivalence
rules on terms: one related to the isomorphism (1), the commutativity of the
conjunction, $\langle r, s\rangle \rightleftarrows \langle s, r\rangle$; one related to the isomorphism (2), the
associativity of the conjunction, $\langle\langle r, s\rangle, t\rangle \rightleftarrows \langle r, \langle s, t\rangle\rangle$; four to the isomorphism (3), the
distributivity of implication with respect to conjunction, e.g. $\langle r, s\rangle t \rightleftarrows \langle rt, st\rangle$;
and one related to the isomorphism (4), the currification, $rst \rightleftarrows r\langle s, t\rangle$. As our
comma is associative and commutative, and because it can be identified with
a non-deterministic operator, we will write it $+$. For instance, the equivalence
due to the associativity of conjunction is rewritten $(r + s) + t \rightleftarrows r + (s + t)$.

One of the main difficulties in the design of this calculus is the design of the
elimination rule for the conjunction. A rule like “if $r : A \wedge B$ then $\pi_1(r) : A$”
would not be consistent. Indeed, if $A$ and $B$ are two arbitrary types, $s$ a term
of type $A$ and $t$ a term of type $B$, then $s + t$ has both types $A \wedge B$ and $B \wedge A$,
thus $\pi_1(s + t)$ would have both type $A$ and type $B$. The approach we have
followed is to consider explicitly typed (Church style) terms, and parametrise
the projection by the type: if $r : A \wedge B$ then $\pi_A(r) : A$, and the reduction rule
is then that $\pi_A(s + t)$ reduces to $s$ if $s$ has type $A$.

Hence, this rule introduces the expected non-determinism. Indeed, in the
particular case where $A$ happens to be equal to $B$, then both $s$ and $t$ have type
$A$ and $\pi_A(s + t)$ reduces both to $s$ and to $t$. Notice that although this reduction
rule is non-deterministic, it preserves typing. This can be summarised by the
slogan “the subject reduction property is more important than the uniqueness of
results” [18].

Thus, our calculus is one of the many non-deterministic calculi in the sense
of [6, 8, 10, 11, 24] and our pair-construction operator $+$ is also the parallel
composition operator of a non-deterministic calculus.




In non-deterministic calculi, the parallel composition is such that if $r$ and $s$
are two $\lambda$-terms, the term $r + s$ represents the computation that runs either $r$
or $s$ non-deterministically, that is such that $(r + s)t$ reduces either to $rt$ or $st$.
In our case, $\pi_B((r + s)t)$ is equivalent to $\pi_B(rt + st)$, which reduces to $rt$ or $st$.

The calculus developed in this paper is also related to the algebraic calculi [1,
2], some of which have been designed to express quantum algorithms. In this
case, the pair $s + t$ is not interpreted as a non-deterministic choice but as a
superposition of two processes running $s$ and $t$. In this case the projection
$\pi$ is the projection related to the projective measurement, that is the only
non-deterministic operation. In such calculi, the distributivity rule $(r + s)t \rightleftarrows rt + st$
is seen as the pointwise definition of the sum of two functions.

The main difficulty in the normalisation proof seems to be related to the
fact that our equivalence relation is “confusing”, that is, it equates types with
different main connectives such as the isomorphism (3). In [19], for instance,
only the case of “non confusing” equivalence relations is considered: if two
non atomic types are equivalent, they have the same head symbol and their
arguments are equivalent. It is clear however that this restriction needs to be
dropped if we want to identify, for instance, $A \Rightarrow (B \wedge C)$ and
$(A \Rightarrow B) \wedge (A \Rightarrow C)$.

Summarising, this paper is the result of three relatively independent
motivations: to formalise non-deterministic calculi, to integrate the type isomorphisms
to the language, and to understand how much we can extend the deduction
modulo techniques.

2. The Calculus 
2.1. Formal Definition 

In this section we present the calculus. We consider the following grammar
of types, with one atomic type $\tau$,

$$A, B, C, \ldots ::= \tau \mid A \Rightarrow B \mid A \wedge B.$$

The isomorphisms (1), (2), (3) and (4) are made explicit by a congruent
equivalence relation between types:

$$A \wedge B \equiv B \wedge A, \qquad A \Rightarrow (B \wedge C) \equiv (A \Rightarrow B) \wedge (A \Rightarrow C),$$

$$(A \wedge B) \wedge C \equiv A \wedge (B \wedge C), \qquad (A \wedge B) \Rightarrow C \equiv A \Rightarrow B \Rightarrow C.$$

The set of terms is defined inductively by the grammar

$$r, s, t ::= x^A \mid \lambda x^A.r \mid rs \mid r + s \mid \pi_A(r)$$

The set of contexts is defined inductively by the grammar

$$C[\cdot] ::= [\cdot] \mid \lambda x^A.C[\cdot] \mid C[\cdot]r \mid rC[\cdot] \mid C[\cdot] + r \mid r + C[\cdot] \mid \pi_A(C[\cdot])$$

The type system is given in Table 1. Typing judgements are of the form
$r : A$. A term $r$ is typable if there exists a type $A$ such that $r : A$.
Because of the associativity property of $+$, the term $r + (s + t)$ is the same as
the term $(r + s) + t$, so we can just express it as $r + s + t$, that is, the parentheses
are meaningless, and pairs become lists. In particular, we can project with
respect to the type of $s + t$ in the previous example. Hence, for completeness,
we also allow projecting a term with respect to its full type, that is, if $r : A$,
then $\pi_A(r)$ reduces to $r$.

Since our reduction relation is oriented by the types, we follow [21, 25], and
use a presentation of typed lambda-calculus without contexts, which makes the
reduction rules clearer. To this end each variable occurrence is labelled by its
type, such as $\lambda x^A.x^A$ or $\lambda x^A.y^B$. We sometimes omit the labels and write, for
example, $\lambda x^A.x$ for $\lambda x^A.x^A$. As usual, we consider implicit $\alpha$-equivalence on
syntactical terms. The type system forbids terms such as $\lambda x^A.x^B$ when $A$ and $B$
are different types, by imposing preconditions to the applicability of the typing
rules. Let $S = \{x_1^{A_1}, \ldots, x_n^{A_n}\}$ be a set of variables, we write to express
that this set is functional, that is when $x_i = x_j$ implies $A_i = A_j$. For example
, but not {x^,x^^^}^. We write the preconditions of a typing 
rule, at its left. 

The sets $FV(r)$ of free variables of $r$, $BV(r)$ of bound variables of $r$ and
$V(r) = FV(r) \cup BV(r)$ are defined as usual in the $\lambda$-calculus (cf. [5, §2.1]). For
example V{Xx^^^^'^.xy^z^) = ,y^, z^}. We say that a term r is 

closed whenever $FV(r) = \emptyset$.

Given two terms $r$ and $s$ we denote by $r[s/x]$ the term obtained by
simultaneously substituting the term $s$ for all the free occurrences of $x$ in $r$, subject to
the usual proviso about renaming bound variables in $r$ to avoid capture of the
free variables of $s$.

Lemma 2.1. If $r : A$ and $r : B$, then $A \equiv B$.

Proof. Straightforward structural induction on the typing derivation of r. □ 

The operational semantics of the calculus is given in Table 2, where there are
two distinct relations between terms: a symmetric relation $\rightleftarrows$ and a reduction
relation $\hookrightarrow$, which includes a labelling $\neg\delta$ or $\delta$. Such a labelling is omitted when

it is not necessary to distinguish the rule. Moreover, relation ^ is ^ U 
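Symmetric relation:

$$\begin{array}{lrcll}
 & r + s & \rightleftarrows & s + r & (\text{comm})\\
 & (r + s) + t & \rightleftarrows & r + (s + t) & (\text{asso})\\
 & \lambda x^A.(r + s) & \rightleftarrows & \lambda x^A.r + \lambda x^A.s & (\text{dist}_{ii})\\
 & (r + s)t & \rightleftarrows & rt + st & (\text{dist}_{ie})\\
 & \pi_{A \Rightarrow B}(\lambda x^A.r) & \rightleftarrows & \lambda x^A.\pi_B(r) & (\text{dist}_{ei})\\
\text{If } r : A \Rightarrow (B \wedge C), & \pi_{A \Rightarrow B}(r)s & \rightleftarrows & \pi_B(rs) & (\text{dist}_{ee})\\
 & rst & \rightleftarrows & r(s + t) & (\text{curry})\\
\text{If } A \equiv B, & r & \rightleftarrows & r[A/B] & (\text{subst})\\
\text{If } r : A \wedge B \text{ and } s : C \wedge D, & \pi_{A \wedge C}(r + s) & \rightleftarrows & \pi_A(r) + \pi_C(s) & (\text{split})
\end{array}$$

Reductions:

$$\begin{array}{lrcll}
\text{If } s : A, & (\lambda x^A.r)s & \hookrightarrow_{\neg\delta} & r[s/x] & (\beta)\\
\text{If } r : A, & \pi_A(r + s) & \hookrightarrow_{\neg\delta} & r & (\pi_n)\\
\text{If } r : A, & \pi_A(r) & \hookrightarrow_{\neg\delta} & r & (\pi_1)\\
\text{If } r : A \wedge B \text{ and } r \not\rightleftarrows^* s + t, & r & \hookrightarrow_{\delta} & \pi_A(r) + \pi_B(r) & (\delta)
\end{array}$$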

.)) 

r s C'[-] 

C'[ka[-)] 


CM ^ C[s] 


CM ^ c[s] 


cM-^c[s] 


{ct 


Table 2: Operational semantics 


Type substitution on a term $r$, written $r[A/B]$, is defined by the syntactic
substitution of all occurrences of $B$ in $r$ by $A$. We write $\rightleftarrows^*$ and $\hookrightarrow^*$ for the
transitive and reflexive closure of $\rightleftarrows$ and $\hookrightarrow$ respectively. Note that $\rightleftarrows^*$ is an
equivalence relation. We write $\rightsquigarrow$ for the relation $\hookrightarrow$ modulo $\rightleftarrows^*$ (i.e. $r \rightsquigarrow s$ iff
$r \rightleftarrows^* r' \hookrightarrow s' \rightleftarrows^* s$), and $\rightsquigarrow^*$ for its reflexive and transitive closure.

Each isomorphism taken as equivalence between types induces an
equivalence between terms, given by relation $\rightleftarrows$. Four possible rules exist however
for the isomorphism (3), depending on which distribution is taken into account:
elimination or introduction of conjunction, and elimination or introduction of
implication.

Only two rules in the symmetric relation $\rightleftarrows$ are not a direct consequence
of an isomorphism: rules (subst) and (split). The former allows updating the
type signature of the Church-style terms. The latter is needed
in combination with rule ($\text{dist}_{ei}$) when the argument in the projection is not a
$\lambda$-abstraction, but a $\lambda$-abstraction plus something else (cf. Example 2.10).

Rule ($\delta$) has been added to deal with curryfication (cf. Example 2.9). Notice
that the condition in this rule not only asks for the term to not be a sum,
but to not be equivalent to a sum. Lemma 2.4 ensures that the equivalence
classes defined by relation $\rightleftarrows^*$, $\{s \mid s \rightleftarrows^* r\}$, are finite, and since the relation is
computable, the side condition of ($\delta$) is decidable.

In addition, Lemma 2.4 also implies that every reduction tree is finitely
branching.

To prove that for any term $r$, the set $\{s \mid s \rightleftarrows^* r\}$ is finite, one possible way
would be to prove that if $r \rightleftarrows s$ then $S(r) = S(s)$ where the size $S(r)$ of a term
$r$ is defined as the number of variables and symbols $\lambda$ and $\pi$

• $S(x^A) = 1$,

• $S(\lambda x^A.r) = 1 + S(r)$,

• $S(rs) = S(r) + S(s)$,

• $S(r + s) = S(r) + S(s)$,

• $S(\pi_A(r)) = 1 + S(r)$.

Indeed, the set $\{s \mid s \rightleftarrows^* r\}$ would then be a subset of the set
$\{s \mid FV(s) \subseteq FV(r) \text{ and } S(s) = S(r)\}$ which is finite.

Unfortunately, it is not the case that the size $S$ is an invariant for the relation
$\rightleftarrows$ as the rule ($\text{dist}_{ii}$)

$$\lambda x^A.(r + s) \rightleftarrows \lambda x^A.r + \lambda x^A.s$$

for instance duplicates the symbol $\lambda$ and the term $\lambda x^A.(x + x)$ is equivalent to
$\lambda x^A.x + \lambda x^A.x$, while $S(\lambda x^A.(x + x)) = 3$ and $S(\lambda x^A.x + \lambda x^A.x) = 4$. In the
same way, the rule ($\text{dist}_{ie}$)

$$(r + s)t \rightleftarrows rt + st$$

duplicates the term $t$.

However, the number of times the symbol $\lambda$ can be duplicated in the term
$\lambda x^A.t$ is bounded by the number of symbols $+$ that the term $t$ may generate.
A bound $P(t)$ on this number is easy to define

• $P(x^A) = 0$,

• $P(\lambda x^A.r) = P(r)$,

• $P(rs) = P(r)$,

• $P(r + s) = 1 + P(r) + P(s)$,

• $P(\pi_A(r)) = P(r)$.

and we can define a size-like measure on terms $M$, such that $M(r)$ is a bound
on the size of $s$ for $s \rightleftarrows r$. For instance $M(\lambda x^A.r)$ is not $1 + M(r)$ but
$1 + M(r) + P(r)$, to express that the size of $s$ may be bigger than that of $r$, because
a symbol $\lambda$ may be duplicated in $s$, but not much bigger, as it can be duplicated
at most $P(r)$ times.

• $M(x^A) = 1$,

• $M(\lambda x^A.r) = 1 + M(r) + P(r)$,

• $M(rs) = M(r) + M(s) + P(r)M(s)$,

• $M(r + s) = M(r) + M(s)$,

• $M(\pi_A(r)) = 1 + M(r) + P(r)$.

Prior to stating and proving Lemma 2.4, we need the following two auxiliary
lemmas, showing that $P(t)$ and $M(t)$ are invariant with respect to $\rightleftarrows$ (Lemmas 2.2
and 2.3 respectively).

Lemma 2.2. If $r \rightleftarrows s$ then $P(r) = P(s)$.

Proof.

$r + s \rightleftarrows s + r$: $P(r + s) = 1 + P(r) + P(s) = P(s + r)$.

$(r + s) + t \rightleftarrows r + (s + t)$: $P((r + s) + t) = 1 + P(r + s) + P(t)
= 2 + P(r) + P(s) + P(t) = 1 + P(r) + P(s + t) = P(r + (s + t))$.

$\lambda x^A.(r + s) \rightleftarrows \lambda x^A.r + \lambda x^A.s$: $P(\lambda x^A.(r + s)) = P(r + s)
= 1 + P(r) + P(s) = 1 + P(\lambda x^A.r) + P(\lambda x^A.s) = P(\lambda x^A.r + \lambda x^A.s)$.

$(r + s)t \rightleftarrows rt + st$: $P((r + s)t) = P(r + s) = 1 + P(r) + P(s)
= 1 + P(rt) + P(st) = P(rt + st)$.

$\pi_{A \Rightarrow B}(\lambda x^A.r) \rightleftarrows \lambda x^A.\pi_B(r)$: $P(\pi_{A \Rightarrow B}(\lambda x^A.r)) = P(\lambda x^A.r)
= P(r) = P(\pi_B(r)) = P(\lambda x^A.\pi_B(r))$.

$\pi_{A \Rightarrow B}(r)s \rightleftarrows \pi_B(rs)$: $P(\pi_{A \Rightarrow B}(r)s) = P(\pi_{A \Rightarrow B}(r))
= P(r) = P(rs) = P(\pi_B(rs))$.

$(rs)t \rightleftarrows r(s + t)$: $P((rs)t) = P(rs) = P(r) = P(r(s + t))$.

$r \rightleftarrows r[A/B]$: $P(r) = P(r[A/B])$.

$\pi_{A \wedge C}(r + s) \rightleftarrows \pi_A(r) + \pi_C(s)$: $P(\pi_{A \wedge C}(r + s)) = P(r + s)
= 1 + P(r) + P(s) = 1 + P(\pi_A(r)) + P(\pi_C(s)) = P(\pi_A(r) + \pi_C(s))$.

$C[r] \rightleftarrows C[s]$ with $r \rightleftarrows s$: Straightforward case by case on the structure of $C[\cdot]$.
For example, let $C[\cdot] = C'[\cdot] + t$, then $P(C[r]) = 1 + P(C'[r]) + P(t)$, which,
by the induction hypothesis, is equal to $1 + P(C'[s]) + P(t) = P(C[s])$. □


Lemma 2.3. If $r \rightleftarrows s$ then $M(r) = M(s)$.

Proof. We proceed by structural induction on relation $\rightleftarrows$.

$r + s \rightleftarrows s + r$: $M(r + s) = M(r) + M(s) = M(s + r)$.

$(r + s) + t \rightleftarrows r + (s + t)$: $M((r + s) + t) = M(r) + M(s) + M(t) = M(r + (s + t))$.

$\lambda x^A.(r + s) \rightleftarrows \lambda x^A.r + \lambda x^A.s$: $M(\lambda x^A.(r + s))
= 2 + M(r) + M(s) + P(r) + P(s) = M(\lambda x^A.r + \lambda x^A.s)$.

$(r + s)t \rightleftarrows rt + st$: $M((r + s)t) = M(r + s) + M(t) + P(r + s)M(t)
= M(r) + M(s) + 2M(t) + P(r)M(t) + P(s)M(t) = M(rt) + M(st) = M(rt + st)$.

$\pi_{A \Rightarrow B}(\lambda x^A.r) \rightleftarrows \lambda x^A.\pi_B(r)$: $M(\pi_{A \Rightarrow B}(\lambda x^A.r))
= 1 + M(\lambda x^A.r) + P(\lambda x^A.r) = 2 + M(r) + 2P(r) = M(\lambda x^A.\pi_B(r))$.

$\pi_{A \Rightarrow B}(r)s \rightleftarrows \pi_B(rs)$: $M(\pi_{A \Rightarrow B}(r)s)
= M(\pi_{A \Rightarrow B}(r)) + M(s) + P(\pi_{A \Rightarrow B}(r))M(s)
= 1 + M(r) + P(r) + M(s) + P(r)M(s) = 1 + M(rs) + P(rs) = M(\pi_B(rs))$.

$(rs)t \rightleftarrows r(s + t)$: $M((rs)t) = M(rs) + M(t) + P(rs)M(t)
= M(r) + M(s) + P(r)M(s) + M(t) + P(r)M(t)
= M(r) + M(s + t) + P(r)M(s + t) = M(r(s + t))$.

$r \rightleftarrows r[A/B]$: $M(r) = M(r[A/B])$.

$\pi_{A \wedge C}(r + s) \rightleftarrows \pi_A(r) + \pi_C(s)$: $M(\pi_{A \wedge C}(r + s))
= 1 + M(r + s) + P(r + s) = 1 + M(r) + M(s) + 1 + P(r) + P(s)
= M(\pi_A(r)) + M(\pi_C(s)) = M(\pi_A(r) + \pi_C(s))$.

$C[r] \rightleftarrows C[s]$ with $r \rightleftarrows s$: Straightforward case by case on the structure of $C[\cdot]$.
For example, let $C[\cdot] = \lambda x^A.C'[\cdot]$, then $M(C[r]) = 1 + M(C'[r]) + P(C'[r])$,
which, by the induction hypothesis, is equal to $1 + M(C'[s]) + P(C'[r])$, and
this, by Lemma 2.2, is equal to $1 + M(C'[s]) + P(C'[s]) = M(C[s])$. □

Lemma 2.4. For any term $r$, the set $\{s \mid s \rightleftarrows^* r\}$ is finite (modulo
$\alpha$-equivalence).

Proof. As $\{s \mid s \rightleftarrows^* r\} \subseteq \{s \mid FV(s) = FV(r) \text{ and } M(s) = M(r)\} \subseteq
\{s \mid FV(s) \subseteq FV(r) \text{ and } M(s) \leq M(r)\}$, all we need to prove is that for all
natural numbers $n$, for all finite sets of variables $F$, the set
$H(n, F) = \{s \mid FV(s) \subseteq F \text{ and } M(s) \leq n\}$ is finite.

We first prove by induction on $s$ that $M(s) \geq 1$ and then the property by
induction on $n$. For $n = 1$ the set $\{s \mid FV(s) \subseteq F \text{ and } M(s) \leq 1\}$ contains only
the variables of $F$. Assume the property is proved for $n$; then $H(n + 1, F)$ is a
subset of the finite set containing the variables of $F$, the abstractions $(\lambda x^A.r)$
for $r$ in $H(n, F \cup \{x^A\})$, the applications $(rs)$ for $r$ and $s$ in $H(n, F)$, the sums
$r + s$ for $r$ and $s$ in $H(n, F)$, the projections $\pi_A(r)$ for $r$ in $H(n, F)$. □
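
The following added example (not code from the paper) implements $S$, $P$ and $M$ as defined above and enumerates equivalence classes under five of the symmetric rules, (comm), (asso), ($\text{dist}_{ii}$), ($\text{dist}_{ie}$) and (curry), applied in any context, to check Lemmas 2.2 to 2.4 on sample terms. The Python names and the sample terms are constructed for illustration; typing side conditions are not checked, and ($\text{dist}_{ii}$) is applied right to left only when both abstractions bind the same variable name.

```python
from dataclasses import make_dataclass

def node(name, fields):
    """Immutable, hashable term constructor; types are opaque strings here."""
    return make_dataclass(name, fields.split(), frozen=True)

Var = node("Var", "name ty")       # x^A
Lam = node("Lam", "var ty body")   # lambda x^A. r
App = node("App", "fun arg")       # r s
Sum = node("Sum", "left right")    # r + s
Proj = node("Proj", "ty body")     # pi_A(r)

def S(t):
    """Naive size: counts variables, lambdas and projections."""
    if isinstance(t, Var): return 1
    if isinstance(t, (Lam, Proj)): return 1 + S(t.body)
    if isinstance(t, App): return S(t.fun) + S(t.arg)
    return S(t.left) + S(t.right)

def P(t):
    """Bound on the number of + symbols the term may generate."""
    if isinstance(t, Var): return 0
    if isinstance(t, (Lam, Proj)): return P(t.body)
    if isinstance(t, App): return P(t.fun)
    return 1 + P(t.left) + P(t.right)

def M(t):
    """Size-like measure, invariant under the symmetric relation (Lemma 2.3)."""
    if isinstance(t, Var): return 1
    if isinstance(t, (Lam, Proj)): return 1 + M(t.body) + P(t.body)
    if isinstance(t, App): return M(t.fun) + M(t.arg) + P(t.fun) * M(t.arg)
    return M(t.left) + M(t.right)

def root_steps(t):
    """One symmetric rule applied at the root, in either direction."""
    out = []
    if isinstance(t, Sum):
        l, r = t.left, t.right
        out.append(Sum(r, l))                                      # comm
        if isinstance(l, Sum):                                     # asso, left to right
            out.append(Sum(l.left, Sum(l.right, r)))
        if isinstance(r, Sum):                                     # asso, right to left
            out.append(Sum(Sum(l, r.left), r.right))
        if isinstance(l, Lam) and isinstance(r, Lam) and (l.var, l.ty) == (r.var, r.ty):
            out.append(Lam(l.var, l.ty, Sum(l.body, r.body)))      # dist_ii, right to left
        if isinstance(l, App) and isinstance(r, App) and l.arg == r.arg:
            out.append(App(Sum(l.fun, r.fun), l.arg))              # dist_ie, right to left
    elif isinstance(t, Lam) and isinstance(t.body, Sum):           # dist_ii, left to right
        out.append(Sum(Lam(t.var, t.ty, t.body.left), Lam(t.var, t.ty, t.body.right)))
    elif isinstance(t, App):
        if isinstance(t.fun, Sum):                                 # dist_ie, left to right
            out.append(Sum(App(t.fun.left, t.arg), App(t.fun.right, t.arg)))
        if isinstance(t.fun, App):                                 # curry, left to right
            out.append(App(t.fun.fun, Sum(t.fun.arg, t.arg)))
        if isinstance(t.arg, Sum):                                 # curry, right to left
            out.append(App(App(t.fun, t.arg.left), t.arg.right))
    return out

def steps(t):
    """All terms one symmetric step away, at the root or inside any context."""
    out = root_steps(t)
    if isinstance(t, Lam):
        out += [Lam(t.var, t.ty, b) for b in steps(t.body)]
    elif isinstance(t, Proj):
        out += [Proj(t.ty, b) for b in steps(t.body)]
    elif isinstance(t, App):
        out += [App(f, t.arg) for f in steps(t.fun)] + [App(t.fun, a) for a in steps(t.arg)]
    elif isinstance(t, Sum):
        out += [Sum(l, t.right) for l in steps(t.left)] + [Sum(t.left, r) for r in steps(t.right)]
    return out

def eq_class(t):
    """Equivalence class of t under the implemented rules (finite, as in Lemma 2.4)."""
    seen, todo = {t}, [t]
    while todo:
        for u in steps(todo.pop()):
            if u not in seen:
                seen.add(u)
                todo.append(u)
    return seen

def report(t):
    """Class size and the sets of S, P and M values taken over the class."""
    cls = eq_class(t)
    return {"terms": len(cls), "S": {S(u) for u in cls},
            "P": {P(u) for u in cls}, "M": {M(u) for u in cls}}

if __name__ == "__main__":
    # Constructed sample terms.
    x, c = Var("x", "A"), Var("c", "A")
    a, b = Var("a", "A=>B"), Var("b", "A=>B")
    for t in (Lam("x", "A", Sum(x, x)), App(Sum(a, b), c), Lam("x", "A", App(Sum(a, b), x))):
        print(report(t))
```

Across each class the `S` set has more than one value whenever a duplicating rule applies, while the `P` and `M` sets stay singletons.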

2.2. Examples 

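Example 2.5. Let $s : A$ and $t : B$. Then $\pi_{B \Rightarrow A}((\lambda x^{A \wedge B}.x)s)t : A$,

$$\begin{array}{l}
\lambda x^{A \wedge B}.x : (A \wedge B) \Rightarrow (A \wedge B)\\
\lambda x^{A \wedge B}.x : A \Rightarrow B \Rightarrow (A \wedge B) \qquad s : A\\
(\lambda x^{A \wedge B}.x)s : B \Rightarrow (A \wedge B)\\
(\lambda x^{A \wedge B}.x)s : (B \Rightarrow A) \wedge (B \Rightarrow B)\\
\pi_{B \Rightarrow A}((\lambda x^{A \wedge B}.x)s) : B \Rightarrow A \qquad t : B\\
\pi_{B \Rightarrow A}((\lambda x^{A \wedge B}.x)s)t : A
\end{array}$$

The reduction is as follows:

$$\pi_{B \Rightarrow A}((\lambda x^{A \wedge B}.x)s)t \rightleftarrows \pi_A((\lambda x^{A \wedge B}.x)st) \rightleftarrows \pi_A((\lambda x^{A \wedge B}.x)(s + t))
\hookrightarrow \pi_A(s + t) \hookrightarrow s$$

Example 2.6. Let $r : A$, $s : B$. Then $(\lambda x^A.\lambda y^B.x)(r + s) \rightleftarrows (\lambda x^A.\lambda y^B.x)rs \hookrightarrow^* r$.
However, if $A \equiv B$, it is also possible to reduce in the following way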

{Xx^.Xy^. x){y -1- s) ^ {Xx^.Xy^. x){y + s) 

^ {Xx^.Xy^.x){s + r) 

^ {Xx^ .Xy^.x)sr 
s 

Hence, the encoding of the projector also behaves non-deterministically. 
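Example 2.7. Let $\mathbf{TF} = \lambda x^A.\lambda y^B.(x + y)$. Then

$$\begin{array}{l}
x + y : A \wedge B\\
\lambda y^B.(x + y) : B \Rightarrow (A \wedge B)\\
\mathbf{TF} : A \Rightarrow B \Rightarrow (A \wedge B)\\
\mathbf{TF} : (A \Rightarrow B \Rightarrow A) \wedge (A \Rightarrow B \Rightarrow B)\\
\pi_{A \Rightarrow B \Rightarrow A}(\mathbf{TF}) : A \Rightarrow B \Rightarrow A
\end{array}$$

Then, if $r : A$ and $s : B$, we have $\pi_{A \Rightarrow B \Rightarrow A}(\mathbf{TF})rs : A$. Notice that

$$\pi_{A \Rightarrow B \Rightarrow A}(\mathbf{TF})rs \rightleftarrows \pi_{B \Rightarrow A}(\mathbf{TF}r)s \rightleftarrows \pi_A(\mathbf{TF}rs) \hookrightarrow^* \pi_A(r + s) \hookrightarrow r$$

Example 2.8. Let $\mathbf{T} = \lambda x^A.\lambda y^B.x$ and $\mathbf{F} = \lambda x^A.\lambda y^B.y$. Then

$$\begin{array}{l}
\mathbf{T} : A \Rightarrow B \Rightarrow A \qquad \mathbf{F} : A \Rightarrow B \Rightarrow B\\
\mathbf{T} + \mathbf{F} : (A \Rightarrow B \Rightarrow A) \wedge (A \Rightarrow B \Rightarrow B) \qquad \mathbf{TF} : (A \Rightarrow B \Rightarrow A) \wedge (A \Rightarrow B \Rightarrow B)\\
\mathbf{T} + \mathbf{F} + \mathbf{TF} : ((A \Rightarrow B \Rightarrow A) \wedge (A \Rightarrow B \Rightarrow B)) \wedge ((A \Rightarrow B \Rightarrow A) \wedge (A \Rightarrow B \Rightarrow B))
\end{array}$$

Hence $\pi_{(A \Rightarrow B \Rightarrow A) \wedge (A \Rightarrow B \Rightarrow B)}(\mathbf{T} + \mathbf{F} + \mathbf{TF})$ is well typed and reduces
non-deterministically either to $\mathbf{T} + \mathbf{F}$ or to $\mathbf{TF}$. Moreover, notice that $\mathbf{T} + \mathbf{F}$ and $\mathbf{TF}$ are
observationally equivalent, that is, $(\mathbf{T} + \mathbf{F})rs$ and $\mathbf{TF}rs$ both reduce to the same
term $(r + s)$. Hence in this very particular case, the non-deterministic choice
does not play any role. We will come back to the encoding of booleans in this
calculus in Section 4.3.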


Example 2.9. Let r : C. Then 

XxA^B)^A j^y{AAB)^B j. . XB) ^ A) ^ {{AXB) B) ^ C 

and since ((A A H) => A) =J> ((A XB) ^ B) ^ C = ((A X B) ^ (A X B)) => C, 
we also can derive 

_^y{AAB)^BXB)^{AXB))^C 

H6nc6 

I^Xx^AaB)^A Xy(AAB)^B ^^)f^Xz^AB . (j 

The reduction is as follows: 

.t){Xz^^^) 

-4 -t) (7r(AAB)^A(A2^^^) +7r(^AB)^B(Az"^^-®)) 

^ .t)'K(AAB)^A{.^Z^^^)^ TT{AaB)a>b{>^Z^^^) 

^[T^{AAB)^A{>^Z^'^^)/x][Tr,^AAB)^B{>^Z^'^^)/y] 


(Ai) 
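Example 2.10. Let $r : C$. Then

$$\begin{array}{l}
x^{A \wedge B} : A \wedge B\\
\lambda x^{A \wedge B}.x : (A \wedge B) \Rightarrow (A \wedge B) \qquad r : C\\
(\lambda x^{A \wedge B}.x) + r : ((A \wedge B) \Rightarrow (A \wedge B)) \wedge C\\
(\lambda x^{A \wedge B}.x) + r : ((A \wedge B) \Rightarrow A) \wedge C \wedge ((A \wedge B) \Rightarrow B)\\
\pi_{((A \wedge B) \Rightarrow A) \wedge C}((\lambda x^{A \wedge B}.x) + r) : ((A \wedge B) \Rightarrow A) \wedge C
\end{array}$$

The reduction is as follows:

$$\begin{array}{rl}
\pi_{((A \wedge B) \Rightarrow A) \wedge C}((\lambda x^{A \wedge B}.x) + r) & \rightleftarrows \pi_{(A \wedge B) \Rightarrow A}(\lambda x^{A \wedge B}.x) + \pi_C(r)\\
 & \hookrightarrow \pi_{(A \wedge B) \Rightarrow A}(\lambda x^{A \wedge B}.x) + r\\
 & \rightleftarrows (\lambda x^{A \wedge B}.\pi_A(x)) + r
\end{array}$$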


2.3. Subject Reduction 

Our system has the subject reduction property, that is, the set of types
assigned to a term is invariant under $\rightleftarrows$ and $\hookrightarrow$. Before proving subject reduction,
we need the following results.

Lemma 2.11 (Generation Lemmas).

1. If $x^A : B$, then $A \equiv B$.

2. If Xx^.r : B, then B = A ^ C, r : C and {V{r) U {x^})^. 

3. If $rs : B$, then $r : A \Rightarrow B$ and $s : A$.

4. If $r + s : A$, then $A \equiv B \wedge C$ with $r : B$ and $s : C$.

5. If $\pi_A(r) : B$, then $A \equiv B$ and ($r : B$ or $r : B \wedge C$).

Proof. The proof follows by a straightforward induction on the typing
derivation. To notice that such an induction is straightforward, it suffices to
realize that the only typing rule not changing the term is ($\equiv$). For example, if
$\lambda x^A.r : B$, then the only way to type this term is either by rule ($\Rightarrow_i$), and so
B = A^ C ioi some, C, r : C and (E(r) U {x^})\ or by rule (=), and so the 
induction hypothesis applies and B = A ^ C. □ 

In the remainder of this paper, we may use Lemma 2.11 implicitly.

Lemma 2.12 (Substitution Lemma). If r : A, s : B and {V{r) U {x^})^, then 
r[s/x^\ : A 

Proof. We proceed by structural induction on r. 

• Let r = x^. Since [V(x^) U {x^})^ implies A = B,we have s : A. Notice 
that x'^ls/x^] = s, so x^[s/x^] : A. 

• Let $r = y^A$ with $y \neq x$. Notice that $y^A[s/x^B] = y^A$, so $y^A[s/x^B] : A$.

• Let $r = \lambda y^C.r'$. Then $A \equiv C \Rightarrow D$, with $r' : D$. By the induction
hypothesis $r'[s/x^B] : D$, and so, by rule ($\Rightarrow_i$), $\lambda y^C.r'[s/x^B] : C \Rightarrow D$.
Since $\lambda y^C.r'[s/x^B] = (\lambda y^C.r')[s/x^B]$, using rule ($\equiv$), $(\lambda y^C.r')[s/x^B] : A$.

• Let $r = r_1 r_2$. Then $r_1 : C \Rightarrow A$ and $r_2 : C$. By the induction
hypothesis $r_1[s/x^B] : C \Rightarrow A$ and $r_2[s/x^B] : C$, and so, by rule ($\Rightarrow_e$),
$(r_1[s/x^B])(r_2[s/x^B]) : A$. Since $(r_1[s/x^B])(r_2[s/x^B]) = (r_1 r_2)[s/x^B]$, we
have $(r_1 r_2)[s/x^B] : A$.

• Let $r = r_1 + r_2$. Then $r_1 : A_1$ and $r_2 : A_2$, with $A \equiv A_1 \wedge A_2$. By
the induction hypothesis $r_1[s/x^B] : A_1$ and $r_2[s/x^B] : A_2$, and so, by rule
($\wedge_i$), $(r_1[s/x^B]) + (r_2[s/x^B]) : A_1 \wedge A_2$. Since $(r_1[s/x^B]) + (r_2[s/x^B]) =
(r_1 + r_2)[s/x^B]$, using rule ($\equiv$), we have $(r_1 + r_2)[s/x^B] : A$.

• Let $r = \pi_A(r')$. Then either $r' : A$, or $r' : A \wedge C$. By the induction
hypothesis, either $r'[s/x^B] : A$ or $r'[s/x^B] : A \wedge C$. In any case, either by
rule ($\wedge_{e_1}$) or ($\wedge_{e_n}$), $\pi_A(r'[s/x^B]) : A$. Since $\pi_A(r'[s/x^B]) = \pi_A(r')[s/x^B]$, we
have $\pi_A(r')[s/x^B] : A$. □

Theorem 2.13 (Subject reduction). If $r : A$ and $r \rightleftarrows s$ or $r \hookrightarrow s$ then $s : A$.

Proof. We proceed by induction on the rewrite relation. 

r-|-s^sH-r: Ifr-|-s:T, then A = A\AA 2 = A 2 A Ai, with r : Ai and 8 :^ 2 . 
Then, 


s -I- r : ^2 A Ai 
s -I- r : T 


(r -h s) -I- t ^ r -h (s -f t): 


(“^) If (r -1- s) -I- t : A, then A = {Ai A A 2 ) A A^ = Ai A {A 2 A A 3 ), with 
r : Ai , s ; A2 and t : A3 . Then, 


s : A2 t : A3 
r : Ai s -I- t : A2 A A3 


(A.) 


(Ai) 

r -I- (s -I- t) : Ai A (A2 A A3) 
r -I- (s -I- t) : A 


(<_) Analogous to (^). 

Aa::^.(r -|- s) Ax-^.r -|- Xx^.s: 

(“*■) If Ax®.(r + s) : A, then A = B 
with r : Ci and s : ( 72 . Then, 


(Cl AC2) = {B^ Cl) A[B^ C2), 


-- 

Xx^ .Y : B ^ Cl Xx^ .s : B ^ C2 

Xx^.Y + Xx^.s : {B ^ Cl) A{B^ C2) 

Xx^ .Y + Xx^ .s : A 


i^i) 

(Ai) 

(=) 
($\leftarrow$) If $\lambda x^B.r + \lambda x^B.s : A$, then $A \equiv (B \Rightarrow C_1) \wedge (B \Rightarrow C_2) \equiv B \Rightarrow
(C_1 \wedge C_2)$, with $r : C_1$ and $s : C_2$. Then,


r:Ci s:C2 
r + s : Cl A C2 
Ax®.(r + s) : B ^ (Ci A C2) 


\x^ .{y + s) : a 


(^i) 

(=) 


(r + s)t ^ rt + st: 


(^) If (r + s)t : A, then r + s : B ^ A, and t : B. Hence A = AiA A2, 
with V : B ^ Ai and s : B ^ A2. Then, 

r : B ^ Ai t : B , . s : B ^ A2 t : B , , 

- i^e) -^4- (=^e) 


rt : Hi 


st : H2 


rt + st : Hi A H 2 
rt + st ; H 


(A.) 


i=) 


(<_) If rt + st : H, then H = Hi A H2 with r : H Hi, s : H' ^ H2, t : H 
and t : B'. By Lemma 2.1, B = B'. Then 


(-) 


s : B' 

r : i? => Hi s : B ^ A2 
r + s : (H => Hi) A {B ^ H2) 
r + s : i? (Hi A H 2 ) 


(Ai) 
( = ) 


t : B 


(r + s)t : Hi A H 2 
(r + s)t : H 


(=>=) 


(=) 


7rB^C'(Aa:-®.r) ^ Xx^.Trc{r): 

(^) If 7 rB^c(Aa;^.r) : H, then A = B ^ C and either Ax^.r : B 
(C A D) or Ax^.r : C ^ D. Hence either r : C A U, or r : C. In any 
case, either by rule (AeJ or (Ae„), 7 rc(r) : C, so 


7 rc(r) : C 


(^i) 


Ax^. 7 rc(r) : B ^ C 


Ax®. 7 rc(r) ; H 


{=) 


(-) 


If Ax®. 7 rc(r) ; H, then A = B ^ C and 7 rc(r) : C, so either r : CAD 
or r : C. Hence, either 


y:C AD 


{=) 


Xx^.Y :B^{C AD) 
Xx^.Y ■. [B ^ C) A{B ^ D) 


Y : C 


7 rB^c(Ax®.r) : B ^ C 
TTB^ciXx^ .y) : A 


(^i) 

(Ae) 


Xx^.y-.B^C 




or 


(Ae) 


( = ) 


7’'B=^c(Ax'®.r) : B ^ C 
TTB^dXx^ .y) : A 


i=) 
$\pi_{B \Rightarrow C}(r)s \rightleftarrows \pi_C(rs)$ with $r : B \Rightarrow (C \wedge D)$: Then $s : B$.


(“*■) If 7rB^c(r)s : A, then A = C. 


v:B^{C AD) 
rs : C A D 
7rc(rs) : C 
7rc(rs) : A 


s : B 
) 

i = ) 


(=^e) 


(<_) If 7rc(rs) : A, then A = C. 

v:B^{CAD) 

v.{B^C)A{B^D) 

7rB^c(i') ■■ B ^ C s: B 

(r)s : C 
7rB=>c(r)s : A 


rst ^ r(s + t): 


(^) If rst : A, then r : B ^ C ^ A = {B A C) ^ A, s : B and t : C. 
Then, 

Y : B ^ C ^ A s : i? t : C 

Y : {B AC) ^ A s + t ■. B AC 

- {^e) 

r(s + t) : A 

(<_) If r(s +1) : A, then y : {B AC) ^ A = B ^ C ^ A, s : B and t : C. 
Then 

Y : {B AC) ^ A 
y: B^C^A^^ s : B . 

Ys:C^ A " t : C ^ 

-:- A - 

rst : A 


r ^ r[i3/C'] with B = C: If r : A, since A = A[B/C], a straightforward induc¬ 
tion on r allows to prove r[i3/C'] : A. 

t^b/\d{^ -I- s) ^ 7rB(r) -|- 7r£i(s) with y : B AC and s : D A E: 

(“*■) If 'Kb/\d(j -I- s) : a then A = B A D. Then 

^ ■ B AC s : D A E 

TTBjr) : B _ 7rji(s) : D ^ 

7rB(r) -I- ttd{s) : B A D 
7rB(r) -I- TTnis) : A 


(<_) If 7rB(r) -I- 7r£)(s) : A, then A = B A D. Then 

Y : B AC s : D A E 


(Ad 


y + s:{BAC)A{DAE) 


Y + s : {B AD) A{C AE) 
TTBAoir + s) : B AD 
T^BAoir + s) ■. A 


(Ad 
(Aa::^.r)s ^ r[s/a;] with s : B: If {Xx^ .r)s : A, then Xx^ .r : B ^ A and s : B, 
and so r ; A and (IA(r) U {x^}Y . Then by Lemma 2.12, r[s/a;'®] : A. 

$\pi_B(r + s) \hookrightarrow r$ with $r : B$: If $\pi_B(r + s) : A$, then $A \equiv B$, and so, by rule ($\equiv$),
$r : A$.


$\pi_B(r) \hookrightarrow r$ with $r : B$: If $\pi_B(r) : A$, then $A \equiv B$, and so, by rule ($\equiv$), $r : A$.


r =->■ 7rB(r) + 7rc(r) with r ri + r 2 and r : B AC: If r ; A then A = BAC. 
Then 

r:BAC v.BAC 


TTsir) : B 


TTsir) : B 


7r_B(r) + 7rc(r) : B AC 
TTBir) + 7rc(r) : A 


(Ad 


Contextual cases. Let $t \to r$, where $\to$ is either $\rightleftarrows$ or $\hookrightarrow$.

$\lambda x^B.t \to \lambda x^B.r$: If $\lambda x^B.t : A$, then $A \equiv B \Rightarrow C$ and $t : C$, hence by the
induction hypothesis, $r : C$ and so $\lambda x^B.r : B \Rightarrow C \equiv A$.

$ts \to rs$: If $ts : A$ then $t : B \Rightarrow A$ and $s : B$, hence by the induction
hypothesis, $r : B \Rightarrow A$ and so $rs : A$.

$st \to sr$: If $st : A$ then $s : B \Rightarrow A$ and $t : B$, hence by the induction
hypothesis $r : B$ and so $sr : A$.

$t + s \to r + s$: If $t + s : A$ then $A \equiv A_1 \wedge A_2$ where $t : A_1$ and $s : A_2$, hence
by the induction hypothesis, $r : A_1$ and so $r + s : A_1 \wedge A_2 \equiv A$.

$s + t \to s + r$: Analogous to previous case.

$\pi_B(t) \to \pi_B(r)$: If $\pi_B(t) : A$ then $A \equiv B$ and $t : B \wedge C$ or $t : B$, hence by
the induction hypothesis $r : B \wedge C$ or $r : B$; in any case, $\pi_B(r) : B \equiv A$. □


3. Strong Normalisation and Normal Forms 

3.1. Strong Normalisation

Now we prove the strong normalisation property. In our setting, strong
normalisation means that every reduction sequence fired from a typed term
eventually terminates in a term in normal form modulo $\rightleftarrows^*$. In other words,
no $\hookrightarrow$ reduction can be fired from it, even after $\rightleftarrows$ steps. Formally, we define
$\mathrm{Red}(r) = \{s \mid r \rightsquigarrow s\}$. Hence, a term $r$ is in normal form if $\mathrm{Red}(r) = \emptyset$.
When $r$ is strongly normalising, we write $|r|$ for the maximum number of
steps needed to get a normal form of $r$. We denote by SN the set of strongly
normalising terms.

We use the notation => H for Ai => • • • ^ A„ => B, with the 

convention that => B = B. In addition, we write s for Si ... s„. 

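The normalisation proof is based on the representation lemma for types
(Lemma 3.4), for which we define conjunction-free types as follows.

Definition 3.1. A conjunction-free type is a type without conjunctions, which
can be produced by the following grammar:

$$S, R, T ::= \tau \mid S \Rightarrow R$$

The canonical form of a type, written $\mathrm{can}(A)$, is a conjunction of
conjunction-free types, and it is defined inductively by

$$\begin{aligned}
\mathrm{can}(\tau) &= \tau\\
\mathrm{can}(A \wedge B) &= \mathrm{can}(A) \wedge \mathrm{can}(B)\\
\mathrm{can}(A \Rightarrow B) &= \text{let } \bigwedge_{i=1}^n S_i = \mathrm{can}(A) \text{ in let } \bigwedge_{j=1}^m R_j = \mathrm{can}(B) \text{ in } \bigwedge_{j=1}^m \left((S_i)_{i=1}^n \Rightarrow R_j\right)
\end{aligned}$$

Example 3.2. $\mathrm{can}((S_1 \wedge S_2) \Rightarrow (R_1 \wedge R_2)) = (S_1 \Rightarrow S_2 \Rightarrow R_1) \wedge (S_1 \Rightarrow S_2 \Rightarrow R_2)$

Lemma 3.3. For any $A$, $A \equiv \mathrm{can}(A)$.

Proof. We proceed by structural induction on $A$.

• Let $A = \tau$. Then $A = \mathrm{can}(A)$.

• Let $A = B \wedge C$. By the induction hypothesis $B \equiv \mathrm{can}(B)$ and $C \equiv \mathrm{can}(C)$,
hence $A \equiv \mathrm{can}(B) \wedge \mathrm{can}(C) = \mathrm{can}(B \wedge C) = \mathrm{can}(A)$.

• Let $A = B \Rightarrow C$. By the induction hypothesis $B \equiv \bigwedge_{i=1}^n S_i$ and
$C \equiv \bigwedge_{j=1}^m R_j$, so $A \equiv (\bigwedge_{i=1}^n S_i) \Rightarrow (\bigwedge_{j=1}^m R_j) \equiv \bigwedge_{j=1}^m ((\bigwedge_{i=1}^n S_i) \Rightarrow R_j)$, which is
finally equivalent to $\bigwedge_{j=1}^m ((S_i)_{i=1}^n \Rightarrow R_j)$.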

Lemma 3.4. For any $A$, $\mathrm{can}(A) = \bigwedge_{i=1}^n \left((S_{ij})_{j=1}^{m_i} \Rightarrow \tau\right)$, with $n \geq 1$ and $\forall i,\ m_i \geq 0$.


Proof. We proceed by structural induction on $A$.
• $A = \tau$. Then take $n = 1$ and $m_1 = 0$.


A = B A C. By the induction hypothesis can(S) = Ai=i i8ij)jj{i 


and can(C) = A7=k+i ('S'iAjJi 

Atil^li^r. 


T, so can(S AC) = can(S) A can(C) = 


A = B ^ C. By the induction hypothesis can(S) = Ai=i iRik)k=i ^ 
and can(C) = A°j=i (RjAiLi ^ Then we have that can(S => C) = 

■ r, with 

□ 


A°=i((^.fe)ni^^),=i ^ iRji)t 




_ AO 

“ Aj=i {Rji)i=i 
Tji — {8ik)}^—i T if ? ^ 71, and Tji — Rjf^^—n) if ^ A n. 

Definition 3.5. The interpretation of canonical types is given by

$\left\llbracket \bigwedge_{i=1}^n ((S_{ij})_{j=1}^{m_i} \Rightarrow \tau) \right\rrbracket = \{\, r \mid \forall i,\ s_{ij} \in \llbracket S_{ij} \rrbracket \text{ for } j = 1, \dots, m_i \text{ implies } \pi_{(S_{ij})_{j=1}^{m_i} \Rightarrow \tau}(r)\vec{s}_i \in SN \,\}$

where $n \geq 1$, and $m_i \geq 0$.

The interpretation of a general type $A$ is defined by $\llbracket \mathrm{can}(A) \rrbracket$.

In order to prove that equivalent types have the same interpretation (Corollary
3.10), we need first the following intermediate results.

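Definition 3.6. Let $\mathrm{can}^{lo}(A)$ be defined similarly to $\mathrm{can}(A)$, but where
each time there is a conjunction, it is taken in quasi-lexicographic order (that
is, strings are ordered firstly by length, and then lexicographically), and with
the parentheses associated to the right.

Example 3.7. Let $S_1 < S_2 < S_3$ and $R_1 < R_2$.

• $\mathrm{can}^{lo}((\tau \Rightarrow \tau) \wedge \tau) = \tau \wedge (\tau \Rightarrow \tau)$.

• $\mathrm{can}^{lo}(\bigwedge_{i=1}^3 S_i) = S_1 \wedge (S_2 \wedge S_3)$.

• $\mathrm{can}^{lo}((S_2 \wedge S_3) \wedge S_1) = S_1 \wedge (S_2 \wedge S_3)$.

• $\mathrm{can}^{lo}((S_2 \wedge S_1) \Rightarrow R) = S_1 \Rightarrow S_2 \Rightarrow R$.

• $\mathrm{can}^{lo}((S_2 \wedge S_1) \Rightarrow (R_1 \wedge R_2)) = (S_1 \Rightarrow S_2 \Rightarrow R_1) \wedge (S_1 \Rightarrow S_2 \Rightarrow R_2)$.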
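
The canonical form of Definition 3.1 and its ordered variant of Definition 3.6 can be computed mechanically; the following Python code is an added example, not part of the paper. The tuple encoding of types, the ASCII rendering (`->`, `/\`) used as the string for the quasi-lexicographic order, and the names `And`, `Imp`, `can`, `show_can` and `same_ordered_form` are assumptions, as is ordering the whole argument list of each component (the shape given by Lemma 3.4).

```python
# Types: an atom is a str; ("and", A, B) is A /\ B; ("imp", A, B) is A => B.
def And(a, b):
    return ("and", a, b)


def Imp(a, b):
    return ("imp", a, b)


# A conjunction-free component, in the shape of Lemma 3.4, is a pair
# (args, atom) read as args[0] => ... => args[-1] => atom. Each argument
# is itself such a pair. A canonical form is a list of components.

def show(cf):
    """Render one component; arrow-typed arguments are parenthesised."""
    args, atom = cf
    parts = [f"({show(a)})" if a[0] else show(a) for a in args]
    return " -> ".join(parts + [atom])


def qlex(cf):
    """Quasi-lexicographic key: by length first, then lexicographically.
    Assumption: the string compared is the ASCII rendering from show()."""
    text = show(cf)
    return (len(text), text)


def can(t, ordered=False):
    """can(t) as a list of components; with ordered=True, the ordered
    variant, where every conjunction and argument list is sorted."""
    if isinstance(t, str):
        return [((), t)]
    tag, a, b = t
    ca, cb = can(a, ordered), can(b, ordered)
    if tag == "and":
        out = ca + cb                      # can(A) /\ can(B)
    elif tag == "imp":
        out = []
        for r_args, r_atom in cb:          # one component per R_j
            args = tuple(ca) + r_args      # S_1 => ... => S_n => R_j
            if ordered:
                args = tuple(sorted(args, key=qlex))
            out.append((args, r_atom))
    else:
        raise ValueError(f"unknown type constructor: {tag!r}")
    return sorted(out, key=qlex) if ordered else out


def show_can(t, ordered=False):
    """Render a canonical form; the flat list stands for a conjunction
    with parentheses associated to the right."""
    comps = can(t, ordered)
    return " /\\ ".join(
        f"({show(c)})" if c[0] and len(comps) > 1 else show(c) for c in comps
    )


def same_ordered_form(a, b):
    """True when both types have the same ordered canonical form."""
    return can(a, ordered=True) == can(b, ordered=True)
```

Types related by the isomorphisms (commutativity, associativity, distribution, currification) get the same ordered form, while the unordered `can` still distinguishes, for instance, `And("A", "B")` from `And("B", "A")`.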
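Lemma 3.8. If $A \equiv B$, then $\mathrm{can}^{lo}(A) = \mathrm{can}^{lo}(B)$.

Proof. By induction on the equivalence relation.

• $A \wedge B \equiv B \wedge A$. Let $\mathrm{can}^{lo}(A)$ be equal to $\mathrm{can}^{lo}(\bigwedge_{i=1}^n S_i)$ and $\mathrm{can}^{lo}(B)$ equal
to $\mathrm{can}^{lo}(\bigwedge_{j=1}^m R_j)$. Then $\mathrm{can}^{lo}(A \wedge B) = \mathrm{can}^{lo}((\bigwedge_{i=1}^n S_i) \wedge (\bigwedge_{j=1}^m R_j)) = \mathrm{can}^{lo}(B \wedge A)$.

• $(A \wedge B) \wedge C \equiv A \wedge (B \wedge C)$. Analogous to the previous case.

• $A \Rightarrow (B \wedge C) \equiv (A \Rightarrow B) \wedge (A \Rightarrow C)$. Let $\mathrm{can}^{lo}(A) = \mathrm{can}^{lo}(\bigwedge_{i=1}^n S_i)$,
$\mathrm{can}^{lo}(B) = \mathrm{can}^{lo}(\bigwedge_{j=1}^k R_j)$ and $\mathrm{can}^{lo}(C) = \mathrm{can}^{lo}(\bigwedge_{j=k+1}^m R_j)$, so $\mathrm{can}^{lo}(B \wedge C) = \mathrm{can}^{lo}(\bigwedge_{j=1}^m R_j)$.
Hence, $\mathrm{can}^{lo}(A \Rightarrow (B \wedge C)) = \mathrm{can}^{lo}(\bigwedge_{j=1}^m ((S_i)_{i=1}^n \Rightarrow R_j)) = \mathrm{can}^{lo}(\mathrm{can}^{lo}(A \Rightarrow B) \wedge \mathrm{can}^{lo}(A \Rightarrow C)) = \mathrm{can}^{lo}((A \Rightarrow B) \wedge (A \Rightarrow C))$.

• $(A \wedge B) \Rightarrow C \equiv A \Rightarrow B \Rightarrow C$. Let $\mathrm{can}^{lo}(A) = \mathrm{can}^{lo}(\bigwedge_{i=1}^k S_i)$, $\mathrm{can}^{lo}(B) = \mathrm{can}^{lo}(\bigwedge_{i=k+1}^n S_i)$
and $\mathrm{can}^{lo}(C) = \mathrm{can}^{lo}(\bigwedge_{j=1}^m R_j)$. Hence, $\mathrm{can}^{lo}((A \wedge B) \Rightarrow C) = \mathrm{can}^{lo}(\bigwedge_{j=1}^m ((S_i)_{i=1}^n \Rightarrow R_j))$.

On the other hand, $\mathrm{can}^{lo}(B \Rightarrow C) = \mathrm{can}^{lo}(\bigwedge_{j=1}^m ((S_i)_{i=k+1}^n \Rightarrow R_j))$, so
$\mathrm{can}^{lo}(A \Rightarrow B \Rightarrow C) = \mathrm{can}^{lo}(\bigwedge_{j=1}^m ((S_i)_{i=1}^k \Rightarrow (S_i)_{i=k+1}^n \Rightarrow R_j))$, and notice
that this is equal to $\mathrm{can}^{lo}(\bigwedge_{j=1}^m ((S_i)_{i=1}^n \Rightarrow R_j)) = \mathrm{can}^{lo}((A \wedge B) \Rightarrow C)$.

• Congruence: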

— Let A = H be a consequence of A = H. Trivial case. 

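- Let $A \equiv C$ be a consequence of $A \equiv B$ and $B \equiv C$. By the induction
hypothesis $\mathrm{can}^{lo}(A) = \mathrm{can}^{lo}(B)$ and $\mathrm{can}^{lo}(B) = \mathrm{can}^{lo}(C)$, hence
$\mathrm{can}^{lo}(A) = \mathrm{can}^{lo}(C)$.

- Let $A \Rightarrow C \equiv B \Rightarrow C$ be a consequence of $A \equiv B$. Let $\mathrm{can}^{lo}(A) = \mathrm{can}^{lo}(\bigwedge_{i=1}^n S_i)$,
and $\mathrm{can}^{lo}(C) = \mathrm{can}^{lo}(\bigwedge_{j=1}^m R_j)$. Then $\mathrm{can}^{lo}(A \Rightarrow C) = \mathrm{can}^{lo}(\bigwedge_{j=1}^m ((S_i)_{i=1}^n \Rightarrow R_j))$.
By the induction hypothesis, we have that $\mathrm{can}^{lo}(B) = \mathrm{can}^{lo}(\bigwedge_{i=1}^n S_i)$, and hence
$\mathrm{can}^{lo}(B \Rightarrow C) = \mathrm{can}^{lo}(\bigwedge_{j=1}^m ((S_i)_{i=1}^n \Rightarrow R_j)) = \mathrm{can}^{lo}(A \Rightarrow C)$.

- Let $A \wedge C \equiv B \wedge C$ be a consequence of $A \equiv B$. $\mathrm{can}^{lo}(A \wedge C) = \mathrm{can}^{lo}(\mathrm{can}^{lo}(A) \wedge \mathrm{can}^{lo}(C))$,
which by the induction hypothesis, is equal
to $\mathrm{can}^{lo}(\mathrm{can}^{lo}(B) \wedge \mathrm{can}^{lo}(C)) = \mathrm{can}^{lo}(B \wedge C)$. □

Lemma 3.9. $\forall A$, $\llbracket \mathrm{can}(A) \rrbracket = \llbracket \mathrm{can}^{lo}(A) \rrbracket$.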

Proof. Let can(^) = Ar=i (‘^d)j=i ^ Hence, |can(A)] = {r | Vi, if for 
j = 1,... ,mi, Sij £ l-S'y], then 7r ,g (r)si £ SN}, which, by rule (subst) is 

equal to {r | Vi, if for j = 1,... ,mi, s^- £ fSijj, then £ 

SN} = |can'°(H)]. '' □ 

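Corollary 3.10. If $A \equiv B$, then $\llbracket \mathrm{can}(A) \rrbracket = \llbracket \mathrm{can}(B) \rrbracket$.

Proof. By Lemma 3.8, $A \equiv B$ implies $\mathrm{can}^{lo}(A) = \mathrm{can}^{lo}(B)$, and by Lemma 3.9,
$\llbracket \mathrm{can}(A) \rrbracket = \llbracket \mathrm{can}^{lo}(A) \rrbracket$ for all $A$. Hence,

$\llbracket \mathrm{can}(A) \rrbracket = \llbracket \mathrm{can}^{lo}(A) \rrbracket = \llbracket \mathrm{can}^{lo}(B) \rrbracket = \llbracket \mathrm{can}(B) \rrbracket$ □

Lemma 3.11. $\forall A$, $\llbracket \mathrm{can}(A) \rrbracket \neq \emptyset$.

Proof. If $\vec{s} \in SN$, then both $x^A\vec{s}$ and $\pi_B(x^A)\vec{s}$ are in SN, hence for all $A$,
$x^A \in \llbracket \mathrm{can}(A) \rrbracket$. □

Lemma 3.12. $\forall A$, $\llbracket \mathrm{can}(A) \rrbracket \subseteq SN$.

Proof. Let $\mathrm{can}(A) = \bigwedge_{i=1}^n ((S_{ij})_{j=1}^{m_i} \Rightarrow \tau)$ and $r \in \llbracket \mathrm{can}(A) \rrbracket$. Assume $r \notin SN$,
then for any $\vec{s}$, $\pi_{(S_{ij})_{j=1}^{m_i} \Rightarrow \tau}(r)\vec{s} \notin SN$. A contradiction. □

Lemma 3.13. If $r \in SN$, then $\pi_A(r) \in SN$.

Proof. We proceed by induction on the sum of the size of $r$ and the sum of the
number of steps to reach the normal form by any path starting on $r$. The
possible reductions from $\pi_A(r)$ are:

• $\pi_A(r')$, and so the induction hypothesis applies,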

• r', with r' : A and either r ^ r' + t or just r ^ r'. In any case, since 
r £ SN, then r' £ SN. 


• TT^Ai’i) + ^A 2 {^ 2 ), with A = Ai A A 2 , and r ri + r 2 . Since r £ SN, 
then ri £ SN and r 2 £ SN. Hence the induction hypothesis applies. 
• 7ryij(7rA(r))+7rA2(^^('"))i A = Ayl 2 , and r ri+r 2 . Hence we

cannot reduce the projection in head position, not tt^, we must reduce
r first. If there is not ri + r 2 in the path to reach the normal form of 
r, then we are done. Suppose there is ri + r 2 . Then the projection will 
project either ri or r 2 . In any case, since r S SN, we have ri S SN and 
r2GSN. □ 

Lemma 3.14. If $r_1 \in SN$ and $r_2 \in SN$, then $r_1 + r_2 \in SN$.

Proof. First we prove the following property: If ri + r 2 s ^ s', then, there 
exist ti and t 2 such that s' ti + t 2 , with either (ri ^ ti and r 2 12 ) or 
(ri ti and r 2 = 12 ) or (ri = ti and r 2 12 ). Once this property is proven, 
we have that if ri + r 2 is not in SN, then for each s in the infinite reduction 
path, s ti +t 2 such that either ri ti and r 2 t 2 or ri ti and r 2 = t 2 
or ri = ti and r 2 t 2 . In any case, at least one of ri and r 2 has an infinite 
path reduction, which is an absurd since ri and r 2 are in SN. 

We proceed to prove the needed property. 

The possible terms s ri + r 2 are: 

• r'j + v '2 with ri r'^ and r 2 r^. This is the trivial case. 

• ... Ax^" .(r'^ + r^), with 

ri Axf ^ ... Axj^" .r'^ 

r2 Axf ^ ... Ax^" .Y '2 

Then the only possible reduction from this term is 

Axfi ...Ax;^".(r'/ + r") 


with (r']^ r'/ and = r^'), or (r'j^ = r'/ and r^'). 

In any case, it is equivalent to Axf' ... Ax;^".r'/ + Axf^ ... Ax^" .v'f, and 
notice that either 




or 


(r'l + r'2)si .. 


Axfi . 

• ■ Axj^" 

•ri 

Axf ^ . 

..Ax^.ri' 

Axfi . 

.. Xx^^ 

•r'2 

= Axi^^ . 

. .Ax;^".r" 

Axfi . 

■ ■ 

•ri 

= Axf1 . 

..Ax^.ri' 

Axfi . 

..Xx^" 

•r'2 

Axi^^ . 

. .Ax;^".r" 


. s„, with 

n r'lSi ... s„ 

r2 r'2Si ... s„ 


The only possible '^-reductions from this term are: 
- (r'l + r^)si... s' ... s„ r'lSi... s' ... s„ + r^Si... s' ... s„
with Si s'. 

Notice that 

r'^si... s„ r'^si... s' ... s„ 

r^si...s„ r^si... s' ...s„ 

- (r'Z + r^')si... s„ 

with either (r'^ ^ r'/ and = r^'), or (r'^ = r'/ and ^ r^'). 

In any case, it is equivalent to r'/si... s„ + r^'si... s„, and notice 
that either 


r'lSi ■ 

• ■ S-n, 

•w r'/si. 

. . S- 

r^si. 

• ■ Sn 

= r2Si • 

.. s. 

r'lSi ■ 

• ■ Sn 

= r'/si. 

.. s. 

r^si. 

• ■ Sn 

•w r^'si . 

.. s. 


• TTAiAAsCr'i +r^), with 

ri 

r2 7r^2(i‘2) 

The only possible '^-reductions from this term are: 


- tt^iaAsK + ^ 2 ) 



with either (r'j^ ^ r'() and (r^ = r'f 

II 

0 

Notice that either 

Tl-AiW) 

Ti-Ai (r'l') 


7''A2(ry = 

7''A2(r2) 

or 

Tl-AiW) = 

Ti-Ai (r'l') 


7''A2(r2) 

T^AAr'f) 

— ti -|- t2 



with r'l ti -I- t[ 

and r 2 t 2 -I- t' 2 . 

Notice that 

T^AiW) 

ti 


t^aA^A 

-w t2 

- i-'i+r'^. 



Notice that 

t^aAA) 

^ r'l 


T^aA^'2) 


Lemma 3.15. If $r \in SN$, then $\lambda x^A.r \in SN$.



Proof. First we prove the following property: If Xx^.r s ^ s', then, there 
exists t such that s' Xx^.t, with r t. Once this property is proven, we 
have that if Xx^.r is not in SN, then for each s in the infinite reduction path, 
s Xx^.t such that r t, which is absurd since r G SN. 

We proceed to prove the needed property. The possible terms s Ax^.r 
are: 
• Ax'^.r', with r r'. This is the trivial case.

• Ax'^.ri + Ax'^.r2 
with r ri + r 2 . 

The only possible ^-reduction from this term is: 

Ax"^.r^ + Ax"^.r2 

with (ri ^ r'l and r 2 = r^) or (ri = r'^ and r 2 ^ r^). 

In any case, ri + r 2 r'^ + r^. 

• 7rA^Bi(7rA^B2(-• ■7rA^B„(Ax^.r'))) 

with r ■KB^ (ttbj (. .. ttb^ (r'))). 

The only possible ^-reductions from this are: 

~ 7rA^Si(7rA^B2(- ■ -TTA^SnCAx^.r"))), with r' ^ r". 

Notice that r ■ ■'’^B-nW'))). 

- ■ ■7rA^B„(Ax^.r')))) 

+t^a^b[' (7rA^B2 (• ■ • T^A^Sn (Ax^.r')))) 

with Bi = B[ A B”. 

Notice that, since r ri -|- r 2 , otherwise the rule S would not have
been applied, we have 

r ttbj (ttbi (7rB2 (■ • ■ ttb„ (r")))) + ttb” {^TB^ {ttb^ (■ • ■ t^b^ (r")))) □ 

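Lemma 3.16. If $r \in \llbracket \mathrm{can}(A) \rrbracket$ and $s \in \llbracket \mathrm{can}(B) \rrbracket$, then $r + s \in \llbracket \mathrm{can}(A \wedge B) \rrbracket$.

Proof. Let $\mathrm{can}(A) = \bigwedge_{i=1}^k ((S_{ij})_{j=1}^{m_i} \Rightarrow \tau)$ and $\mathrm{can}(B) = \bigwedge_{i=k+1}^n ((S_{ij})_{j=1}^{m_i} \Rightarrow \tau)$, so
$\mathrm{can}(A \wedge B) = \bigwedge_{i=1}^n ((S_{ij})_{j=1}^{m_i} \Rightarrow \tau)$. Then we have that for all $i = 1, \dots, k$, if for
$j = 1, \dots, m_i$, $t_{ij} \in \llbracket S_{ij} \rrbracket$, then $\pi_{(S_{ij})_{j=1}^{m_i} \Rightarrow \tau}(r)\vec{t}_i \in SN$, and for all $i = k+1, \dots, n$,
if for $j = 1, \dots, m_i$, $t_{ij} \in \llbracket S_{ij} \rrbracket$, then $\pi_{(S_{ij})_{j=1}^{m_i} \Rightarrow \tau}(s)\vec{t}_i \in SN$. Therefore, for all
$i = 1, \dots, n$, if for $j = 1, \dots, m_i$, $t_{ij} \in \llbracket S_{ij} \rrbracket$, we have $\pi_{(S_{ij})_{j=1}^{m_i} \Rightarrow \tau}(r + s)\vec{t}_i \in SN$,
so $r + s \in \llbracket \mathrm{can}(A \wedge B) \rrbracket$. □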

Let $\sigma$ be a term substitution. We write $\sigma r$ for $r$ after the substitution $\sigma$.
We say that $\sigma$ is adequate if for all $x^A$, $\sigma(x^A) \in \llbracket \mathrm{can}(A) \rrbracket$.

The following lemma shows that applying any adequate substitution to a term
yields a term in the interpretation of the type of that term. This lemma, together with
Lemma 3.12, implies that a typed term is strongly normalising (Theorem 3.18).

Lemma 3.17 (Adequacy). If $r : A$ and $\sigma$ adequate, then $\sigma r \in \llbracket \mathrm{can}(A) \rrbracket$.

Proof. We proceed by induction on the typing derivation.

• Let $x^A : A$ be a consequence of rule (ax). Since $\sigma$ is adequate, $\sigma(x^A) \in \llbracket \mathrm{can}(A) \rrbracket$.

• Let $r : B$ be a consequence of $r : A$, $A \equiv B$ and rule $(\equiv)$. By the induction
hypothesis $\forall\sigma$ adequate, $\sigma r \in \llbracket \mathrm{can}(A) \rrbracket$, so by Lemma 3.10, $\sigma r \in \llbracket \mathrm{can}(B) \rrbracket$.

• Let Xx^.r : A ^ B he a. consequence of r : i? and rule Let can (A) = 

Ar=i 'T and can(S) = {Rjk)lLi ^ % the induction 

hypothesis, ar G |can(il)], that is, for all j, if G Ii?jfcl, for k = 
then tt— — -hj (o’r)sj G SN. Notice that aXx^.r = Xx^.ar. 

We must show that 


Xx^.ar G 


--n _ I . 

i=i 


that is, we must show that Vj, if for z = 1,..., n, G 
for fc = 1,..., hj, Sjk G then 


(Sa) 


■Pi 

1=1 


^ T 


and 


By Lemma 3.3, A = can(A), so 

(Ax"^.crr)ts 


(Aa::"^.crr)tSj G SN 










\-^jk Jk = l^~ ^ 


Since err is in SN, by Lemma 3.15, Xx^.ar G SN, and then by Lemma 3.13, 

(Aa;"^.crr) G SN, hence Xx^^.tt— — -h^ (or) G 


(('Sil)f=i=>'r)i=i^(-RjfchLi^'r^' {RjAZl" 

SN . And since also t, G SN, we can proceed by induction on the sum of 
the number of steps to reach the normal form of each of these terms. The 
possible reductions fired from tt- 


iRjk)k=l~ 


{Xx^ .ar)tSj are: 
(or) , then the 


(('Sii)iii=^'r)i=i=^(-R3fc)fc=i- 

reducing one of ti,Sjfc, Ax^.err or Xx^.tt- 
induction hypothesis applies. 

Then consider a' = (J,[Y.l:=iZ/x\. 
By Lemma 3.16, is adequate, hence 


i^3k)k = \^^ 


(crr[y]t,/a:])sj- = tt. 


i=l 




(cr'r)sj G SN 
(Aa::"^.CTr)tSj)


T^Ci (,7- 

+7>‘Ci ((Su)^li^T).^^^{Rjk)lLj^^T'' 

using rule (5). From this term, the only possible reductions are like 
in the two previous cases ((< 5 ) cannot be applied twice). Hence the 
term is in SN. 


Let rs : H be a consequence of r : H 
can(H) = Ar=i iSih)hli ^ t and can(H) = f\° {Rjk)ll 


B, s : A and rule (=^e)- Let 
■Pi 
fe=l 


then 


can(H^i?)=A,”Li((5..),:i=^r).^i 




T. By the induc¬ 


tion hypothesis, if a adequate, ar S |can(H H)] and crs S |can(H)], 

[Ft -r^i 1 

that is, for j = 1 ,..., m, if for i = 1 ,..., n, tji G {Sih)h-^ ^ t\ and for 
k=l,...,pk, Ujk G iRjkl, then 




J.^ih)h=l 

{crr)tjUj G SN 


Remark that 




[ar)tjUj 






2=1 


hence since ar € |can(A ^ B)}^ by Lemma 3.16, if ^ 

then 7 r-==-—r. G SN. Since we have 

) h = l^^ )i = l^\-^jk ) k = 

crs G |can(H)], we have that tt — „ , p, (crr)crsu, is 

\\^'ih)h = l^'^}i=.l^\Rjk) k = 

equivalent to ttj^ —rp^ ((crr)crs)u,- = ttj-s —tpj (cr(rs))u,- G SN, and 

so cr(rs) G |can(i?)]. 

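• Let $r + s : A \wedge B$ be a consequence of $r : A$, $s : B$ and rule $(\wedge_i)$. By
the induction hypothesis, $\forall\sigma$ adequate, $\sigma r \in \llbracket \mathrm{can}(A) \rrbracket$ and $\sigma s \in \llbracket \mathrm{can}(B) \rrbracket$,
hence by Lemma 3.16, $\sigma r + \sigma s \in \llbracket \mathrm{can}(A \wedge B) \rrbracket$. Notice that $\sigma r + \sigma s = \sigma(r + s)$.

• Let $\pi_A(r) : A$ be a consequence of $r : A \wedge B$ and rule $(\wedge_{e_n})$. By the
induction hypothesis, $\forall\sigma$ adequate, $\sigma r \in \llbracket \mathrm{can}(A \wedge B) \rrbracket$. Let $\mathrm{can}(A) = \bigwedge_{i=1}^k ((S_{ij})_{j=1}^{m_i} \Rightarrow \tau)$
and $\mathrm{can}(B) = \bigwedge_{i=k+1}^n ((S_{ij})_{j=1}^{m_i} \Rightarrow \tau)$, then we have $\sigma r \in \llbracket \mathrm{can}(A \wedge B) \rrbracket$
means that $\forall i$, if $\forall j$, $s_{ij} \in \llbracket S_{ij} \rrbracket$, then $\pi_{(S_{ij})_{j=1}^{m_i} \Rightarrow \tau}(\sigma r)\vec{s}_i \in SN$.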

We need to prove that 




A?=i(s«), 


.(err))Si ^ 7r^(7r 


ALASii);2r^ 


.(crr)si) G SN 


By Lemma 3.13, it suffices to prove ir.k (ar)si G SN. If /c = 1, 

/\i = l \^^j )j = l^'’' 

then we are done. In other case, we proceed by induction on the sum of the 
number of steps to reach the normal form of err, and tt . ^ (or)

/\i=l )j = l^~ 

(which is in SN by Lemma 3.13). The possible reductions fired from 

— reducing one of or, s^,..., or tt . t . (err), then the indue- 

/\i = l \^^3 )j = l^''' 

tion hypothesis applies, 

— r'sj, with r' ; A^=i or = r' -|- t or just or = r'. 

Since ^^[ar)si ^ 7rT-((7rSi) £ SN which is equal either to 

7r,-((r'-|-t)si) £ SN, then we have 7r,-(r'si-|-tSi) £ SN, or to 7r,-(r'si) £ 
SN, in any case we can conclude r'si £ SN. 

~ using rule 

(<5). From this term, the only possible reductions are like in the two 
previous cases ((5) cannot be applied twice). Hence the term is in 

SN. 

— Any other reduction involving first using DisTee-rule, are analogous to 
the previous case. 


• Let 71^4 (r) : A be a consequence of r : A and rule (AeA- By the induction 
hypothesis or £ |can(A)], that is, if can (A) = AlLi 
z, if for all j, Sy £ |can(S'y)], then ^^(CTr)si £ SN. Notice that 


since ar : A, we have tt- 


(Sij); 


^{ar)si 7rT-(((Tr)si), hence (crr)si £ SN, 
so 7r^(crr)si £ SN, which implies (7r^(CTr))si £ SN. □ 

(.oij ^ ^ 

Now we can prove strong normalisation as a corollary of Lemma 3.17.

Theorem 3.18 (Strong normalisation). If $r : A$, then $r \in SN$.

Proof. If $r : A$, by Lemma 3.17, for all $\sigma$ adequate, $\sigma r \in \llbracket \mathrm{can}(A) \rrbracket$. Take
$\sigma$ = identity, and notice that it is adequate (cf. proof of Lemma 3.11), then
$\sigma r = r \in \llbracket \mathrm{can}(A) \rrbracket$, which by Lemma 3.12, is in SN. □


3.2. Characterisation of Typed Closed Normal Forms

In this section, we give a characterisation of typed closed normal forms
(Theorem 3.20), for which we need the following auxiliary result.

Lemma 3.19. If $r : A \wedge B$ and $FV(r) = \emptyset$, then $\pi_A(r)$ reduces using at least
one reduction $\pi_n$ (that is, a projection discarding part of the term, in contrast
with reduction $\pi_1$, which keeps the whole term).

Proof. We proceed by structural induction on r. 

• If r = Xx^.s then A = C => A' and B = C ^ B', with s : A' A B'. So, 
T^C^A'{Xx^.s) ^ Aa;‘^.7rA/(s), which by the induction hypothesis reduces 
using at least one 7r„ reduction. 
• If r = V 1 T 2 then ri : C => (A A B), so 7r^(rir2) ^ 7rc^yi(i'i)i’2- We
conclude with the induction hypothesis. 

• If r = ri + r 2 the cases are: 

- Ti ■. A and T 2 '■ B, then 7r^(r) ri 

- ri ■. A f\ Bi and r 2 : B 2 , with B = Bi A B 2 , then, by the induction 
hypothesis, 7ryi(ri) reduces using at least one 7r„ reduction, and so 

+ ^ 2 ) does the same. 

- ri : A i? and r 2 : ^2 A B, with A = Ai A A 2 , then 7r^(ri + r 2 ) ^ 

7’'AiaA 2 (ri+r 2 ) ^ ttai (ri)+7>'A2 (r 2 ), and by the induction hypothesis 
both 7ryij(ri) and 7r2i2(r2) reduce using at least one 7r„ reduction. 

• If r = 7rc(s), then C = A A B and s : A A B A D, so hy the induction 

hypothesis, 7rc(s) reduces using at least one 7r„ reduction, hence 7r^(7rc(s)) 
does the same. □ 

Theorem 3.20 (Characterisation of typed closed normal forms). If r : A and 
FV (r) = Red(r’) = 0, then there exists Ti ,..., An, tj : Bj for j = 1,... ,m and 
Cl,... ,Cm, withn+m> 1 such that r X]r=i ■ 

Proof We proceed by structural induction on r. 

• If r = Xx^.s, then we are done. 

• If r = rir 2 , then ri : B ^ A, r 2 ■ B. So, by the induction hypothesis 

ri YJi=i Xx^As^ + hence 

n m 

rir2 ■r,)tj)r2 

i=i j=i 

n m 

^(Aa;^\Sj)r2 + )tjr2 

i=i j=i 


If r = ri + r 2 , then for j = 1,2, Xj : At so by the induction hypothesis 


ri T,i=i Ax^bSi + T,"li{Xx^^^^Arj)tj and r 2 T,i=n+i A® 


ELm+i(Aa;^"^^Arj)t^-, so r Ax^bs^ + ELiCAa 


.s. 


If r = 7r24(s), then s : A A B, indeed, s cannot have type A because 
Red( 7 r 2 i(s)) = 0. So, by Lemma 3.19, Red( 7 rA(s)) 7 ^ 0. □ 


4. Computing with our Calculus

4.1. Pairs (and lists)

Because the symbol + is associative and commutative, our calculus does not
contain the usual notion of pairs. However it is possible to encode a deterministic
projection, even if we have more than one term of the same type. An example,
although there are various possibilities, is given in the following table:

Standard                  Encoding
$(r, s) : A \wedge A$     $\lambda x^1.r + \lambda x^2.s : 1 \Rightarrow A \wedge 2 \Rightarrow A$
$\pi_1(r, s)$             $\pi_{1 \Rightarrow A}(\lambda x^1.r + \lambda x^2.s)y^1$

where types 1 and 2 are any two different types. This example uses free variables,
but it is easy to close it, e.g. use $\lambda y.y$ instead of $y^1$ in the second line.

Moreover, this technique is not limited to pairs. Due to the associative
nature of +, the encoding can be easily extended to lists.

4.2. A deterministic subsystem

In the previous section we have seen how to encode a pair, transforming the
non-deterministic projection into a deterministic one via an encoding. Another
possibility is to remove the non-deterministic behaviour of this calculus by dropping
the isomorphisms (1) and (2), as well as rules comm and asso. Although
such a modification would simplify the calculus (indeed, the projection can be
taken as the standard projection), the resulting calculus would still feature
distribution of application over conjunction and currification, two interesting
features for a language. The former allows executing a function only partially,
when not all its results are needed. The latter can also be used to optimise
programs when there are multiple calls to the same function, but one of its
arguments is fixed.

4.3. Booleans

Example 2.8 on booleans actually overlooks an interesting fact: If $A \equiv B$,
then both T and F behave as a non-deterministic projector. Indeed,
Trs r, but also {Xx^.Xy^.x)rs ^ {Xx^.Xy^.x)rs ^ {Xx^.Xy^.x){v -|- s) ^ 
{Xx^.Xy^.x){s -I- r) ^ {Xx^.Xy^.x)sr s. 

Similarly, Frs s and also Frs r. Hence, $A \Rightarrow A \Rightarrow A$ is not suitable
to encode the type Bool. The type $A \Rightarrow A \Rightarrow A$ has only one term in the
underlying equational theory.

Fortunately, there are ways to construct types with more than one term. 
First, let us define the following notation. For any t, let write the canon 
of t, that is, the term Xz^.t, where is a fresh variable not appearing in t. 
Also, for any term t of type A ^ B, we write the cocanon, which is 

the inverse operation, that is, = t for any t : B. For the cocanon 

it suffices to take = tXx^.y^. Therefore, the type ((A ^ A) ^ B) ^ 

B ^ B has the following two different terms: tt := Xx^.x and 
ff := .Xy^ . Hence, it is possible to encode an if-then-else 

conditional expression in the following way: If c then r else s := cr[s]^^'^. So, 
ttr[s]^^"^ r, while ^ s. 

5. Conclusions, Discussions and Future Work

In this paper we defined a proof system for propositional logic with an associative
and commutative conjunction, and a distributive implication with respect
to it, where equivalent propositions get the same proofs.

5.1. Related Work

5.1.1. Relation with other non-deterministic calculi

As a consequence of the commutativity of conjunction, the projection in
our calculus is not position-oriented but type-oriented, which entails a
non-deterministic projection where if a proposition has two possible proofs, the
projection of its conjunction can output any of them. For example, if $r$ and $s$ are
two possible proofs of $A$, then $\pi_A(r + s)$ will output either $r$ or $s$.

In several works (cf. [22, §3.4] for a survey), the non-determinism is modelled
by two operators: The first is normally written $+$, and instead of distributing
over application, it actually makes the non-deterministic choice. Hence $(r + s)t$
reduces either to $rt$ or to $st$ [10]. The second one, denoted by $\parallel$, does not
make the choice, and therefore $(r \parallel s)t$ reduces to $rt \parallel st$ [11]. One way to
interpret these operators is that the first one is a non-deterministic one, while
the second is the parallel composition. Another common interpretation is that
$+$ is a may-convergent non-deterministic operator, where type systems ensure
that at least one branch converges (i.e. terminates), while $\parallel$ is a must-convergent
non-deterministic operator, where both branches are meant to converge [8, 10,
11, 16]. In our setting, the $+$ operator behaves like $\parallel$, and an extra operator ($\pi_A$)
induces the non-deterministic choice. The main point is that this construction
arose naturally as a consequence of considering the isomorphisms between types
as an equivalence relation. Our type system ensures the termination of all the
branches (Theorem 3.18), therefore ensuring must-convergence.

5.1.2. Relation with the selective λ-calculus

In a work by Garrigue and Aït-Kaci [20], only the isomorphism

$A \Rightarrow (B \Rightarrow C) \equiv B \Rightarrow (A \Rightarrow C)$. (5)

has been treated, which is complete with respect to the function type. Our
contribution with respect to this work is that we also consider the conjunction,
and hence four isomorphisms. Notice that isomorphism (5), in our setting, is
a consequence of currification and commutation, that is $A \wedge B \equiv B \wedge A$ and
$(A \wedge B) \Rightarrow C \equiv A \Rightarrow B \Rightarrow C$.

Their proposal is the selective λ-calculus, a calculus including labellings to
identify which argument is being used at each time. Moreover, by considering
the Church encoding of pairs, isomorphism (5) implies isomorphism (1)
(commutativity of $\wedge$). However their proposal is different from ours. In particular, we
track the term by its type, which is a kind of labelling, but when two terms
have the same type, then we leave the system to non-deterministically choose
any proof. One of our main novelties is, indeed, the non-deterministic projector.
However, we can also get back determinism, by encoding a labelling, as discussed
in Section 4, or by dropping some of the isomorphisms (namely, associativity
and commutativity of conjunction).
5.2. Future Work

5.2.1. Adding more connectives

A subtle question is how to add a neutral element of the conjunction, which
will imply more isomorphisms, e.g. $A \wedge \top \equiv A$, $A \Rightarrow \top \equiv \top$ and $\top \Rightarrow A \equiv A$.

Notice that within our system, $\top \Rightarrow \top \equiv \top$ would make it possible to derive
$(\lambda x^\top.xx)(\lambda x^\top.xx) : \top$, however this term is not the classical $\Omega$, it is typed by
$\top$, and imposing some restrictions on the beta reduction, it could be forced not
to reduce to itself but to discard its argument. For example: “If $A \equiv \top$, then
$(\lambda x^A.r)s \to \lambda x^A.r$, in other case, do the standard beta-reduction”.

5.2.2. Probabilistic and quantum computing 

A second line is the probabilistic interpretation of the non-determinism in our
calculus. In [15] a probability space over the set of non-deterministic execution
traces is defined. This way, our calculus is transformed into a probabilistic calculus
instead of just a non-deterministic one, providing an alternative way for more
complex constructions. Moreover, the original motivation behind the linear algebraic
extension of lambda calculus [4] and its vectorial type system [2] was to
encode quantum computing on it by considering not only non-deterministic
superpositions, but formal linear combinations of terms. A projection depending
on scalars could lead to a measurement operator in a future design. This is a
promising future direction we are willing to take.

Acknowledgement. We thank Emmanuel Beffara, Frédéric Blanqui, Pablo E.
“Fidel” Martinez Lopez, Emmanuel Polonowsky and Thomas Seiller for en¬ 